Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/77d6ee-a8e1-4b01-83cb-2f6769e75f24/1/NAkfZdC-lHIooI3gKnWXiaH-HsE.roa
File:                     NAkfZdC-lHIooI3gKnWXiaH-HsE.roa (raw, json)
Hash identifier:          w3/vlIu5NjwEAa3XQiOFjmWkJL3BENVNbQUqUr266qk=
Subject key identifier:   34:09:1F:65:D0:BE:94:72:28:A0:8D:E0:2A:75:97:89:A1:FE:1E:C1
Certificate issuer:       /CN=d7301f772753d80a7b62c2d213d347a3b9ebe885
Certificate serial:       0194266B5DFF54D17CFC1E36BB1B8E3EDF5C
Authority key identifier: D7:30:1F:77:27:53:D8:0A:7B:62:C2:D2:13:D3:47:A3:B9:EB:E8:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1zAfdydT2Ap7YsLSE9NHo7nr6IU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/77d6ee-a8e1-4b01-83cb-2f6769e75f24/1/NAkfZdC-lHIooI3gKnWXiaH-HsE.roa
Signing time:             Thu 02 Jan 2025 09:49:18 +0000
ROA not before:           Thu 02 Jan 2025 09:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34658
IP address blocks:        2a0f:45c7::/32 maxlen: 32
                          2a13:fd80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/77d6ee-a8e1-4b01-83cb-2f6769e75f24/1/1zAfdydT2Ap7YsLSE9NHo7nr6IU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/77d6ee-a8e1-4b01-83cb-2f6769e75f24/1/1zAfdydT2Ap7YsLSE9NHo7nr6IU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1zAfdydT2Ap7YsLSE9NHo7nr6IU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:5d:ff:54:d1:7c:fc:1e:36:bb:1b:8e:3e:df:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7301f772753d80a7b62c2d213d347a3b9ebe885
        Validity
            Not Before: Jan  2 09:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34091f65d0be947228a08de02a759789a1fe1ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:34:44:0b:32:83:ac:df:16:d1:98:4c:d0:02:
                    e2:d0:8a:33:58:fc:a4:9d:0d:f0:89:27:08:bc:d3:
                    0c:e6:5d:b6:19:68:7e:39:ad:28:22:93:87:2f:2a:
                    f5:04:43:96:a1:49:8b:18:8a:6e:8c:95:e5:97:e8:
                    e8:da:3b:ae:5e:25:eb:4d:3a:5e:b1:31:0e:b6:4a:
                    bf:d2:2e:87:32:74:96:17:7c:93:e0:20:33:5e:32:
                    b1:79:ab:ca:ea:a8:33:a2:4a:3d:05:27:d2:ef:36:
                    c5:ed:b7:26:73:97:9b:ff:00:a4:99:b5:4d:4a:78:
                    0d:cd:20:32:22:72:3e:21:f2:87:30:9c:6f:b4:f9:
                    9b:d4:e2:47:70:27:80:ee:24:0c:ac:93:38:6e:34:
                    55:b7:92:3d:4b:bf:ad:da:f3:93:06:56:23:0c:e5:
                    eb:0c:f4:ab:75:33:dc:e6:0e:bc:94:bd:da:74:8e:
                    a8:ae:5e:9f:10:35:f6:4d:aa:e7:2c:a1:78:88:9b:
                    35:4e:a9:55:83:ab:70:01:c4:9b:cd:5f:37:62:d6:
                    9c:59:d8:83:42:65:04:e1:65:a3:7c:64:71:31:62:
                    2c:aa:ef:7a:e4:3c:66:3a:63:21:f0:f0:85:2a:65:
                    1a:4b:4e:09:d1:54:84:71:93:d1:5b:70:55:39:76:
                    63:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:09:1F:65:D0:BE:94:72:28:A0:8D:E0:2A:75:97:89:A1:FE:1E:C1
            X509v3 Authority Key Identifier:
                keyid:D7:30:1F:77:27:53:D8:0A:7B:62:C2:D2:13:D3:47:A3:B9:EB:E8:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1zAfdydT2Ap7YsLSE9NHo7nr6IU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/77d6ee-a8e1-4b01-83cb-2f6769e75f24/1/NAkfZdC-lHIooI3gKnWXiaH-HsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/77d6ee-a8e1-4b01-83cb-2f6769e75f24/1/1zAfdydT2Ap7YsLSE9NHo7nr6IU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:45c7::/32
                  2a13:fd80::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:d7:4a:9c:e6:8d:f9:91:ee:40:6b:51:95:b5:c8:da:57:7b:
         d6:93:16:88:a9:31:45:d8:ec:e6:56:9c:49:2a:57:5f:af:d3:
         b2:a8:25:6e:dc:eb:81:51:15:48:88:a7:2c:e4:32:33:97:d2:
         4a:a2:c0:e4:ab:8b:04:1d:9d:1a:04:87:c2:ef:d4:55:46:c7:
         cc:40:16:b6:62:a6:6c:cd:33:23:49:b0:69:31:49:6c:e1:55:
         d1:56:57:2e:f4:0f:2f:3f:a0:bb:ee:d3:bb:ba:b8:1c:48:3b:
         07:b0:7b:6e:10:02:a5:54:bd:1a:99:37:ff:9b:ec:c4:3c:48:
         95:55:dc:94:7a:08:22:61:9b:02:6d:ad:57:3a:41:79:15:d8:
         ff:78:ce:46:74:a2:40:4f:a5:9c:51:07:34:02:7a:83:d9:fe:
         f6:5e:18:81:de:85:14:20:70:42:2e:28:97:57:83:c1:9e:c1:
         e7:0c:95:a6:5a:bd:0f:da:7b:61:5c:ef:eb:5b:37:dd:9f:9c:
         93:14:e2:79:e8:37:05:ea:40:82:22:3c:fc:48:74:c1:cf:cb:
         f1:64:2f:22:b1:b8:af:0c:8b:5a:d0:5e:cc:77:92:cb:4d:58:
         36:17:b4:8a:11:da:ac:6d:c3:26:76:9e:d6:a7:74:b6:b6:38:
         93:88:41:09
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQma13/VNF8/B42uxuOPt9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MzAxZjc3Mjc1M2Q4MGE3YjYyYzJkMjEzZDM0N2EzYjll
YmU4ODUwHhcNMjUwMTAyMDk0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDA5MWY2NWQwYmU5NDcyMjhhMDhkZTAyYTc1OTc4OWExZmUxZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9zRECzKDrN8W0ZhM0ALi0IozWPyk
nQ3wiScIvNMM5l22GWh+Oa0oIpOHLyr1BEOWoUmLGIpujJXll+jo2juuXiXrTTpe
sTEOtkq/0i6HMnSWF3yT4CAzXjKxeavK6qgzoko9BSfS7zbF7bcmc5eb/wCkmbVN
SngNzSAyInI+IfKHMJxvtPmb1OJHcCeA7iQMrJM4bjRVt5I9S7+t2vOTBlYjDOXr
DPSrdTPc5g68lL3adI6orl6fEDX2TarnLKF4iJs1TqlVg6twAcSbzV83YtacWdiD
QmUE4WWjfGRxMWIsqu965DxmOmMh8PCFKmUaS04J0VSEcZPRW3BVOXZjewIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDQJH2XQvpRyKKCN4Cp1l4mh/h7BMB8GA1UdIwQY
MBaAFNcwH3cnU9gKe2LC0hPTR6O56+iFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXpBZmR5ZFQyQXA3WXNMU0U5TkhvN25yNklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy83N2Q2ZWUtYThlMS00YjAxLTgzY2It
MmY2NzY5ZTc1ZjI0LzEvTkFrZlpkQy1sSElvb0kzZ0tuV1hpYUgtSHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy83N2Q2ZWUtYThlMS00YjAxLTgzY2ItMmY2NzY5ZTc1ZjI0
LzEvMXpBZmR5ZFQyQXA3WXNMU0U5TkhvN25yNklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg9FxwMF
ACoT/YAwDQYJKoZIhvcNAQELBQADggEBAJbXSpzmjfmR7kBrUZW1yNpXe9aTFoip
MUXY7OZWnEkqV1+v07KoJW7c64FRFUiIpyzkMjOX0kqiwOSriwQdnRoEh8Lv1FVG
x8xAFrZipmzNMyNJsGkxSWzhVdFWVy70Dy8/oLvu07u6uBxIOwewe24QAqVUvRqZ
N/+b7MQ8SJVV3JR6CCJhmwJtrVc6QXkV2P94zkZ0okBPpZxRBzQCeoPZ/vZeGIHe
hRQgcEIuKJdXg8GewecMlaZavQ/ae2Fc7+tbN92fnJMU4nnoNwXqQIIiPPxIdMHP
y/FkLyKxuK8Mi1rQXsx3kstNWDYXtIoR2qxtwyZ2ntandLa2OJOIQQk=
-----END CERTIFICATE-----